Mobile App Makers Need to Step Up to Avoid Overregulation


The FTC recently released its “Mobile Privacy Disclosure: Building Trust Through Transparency” staff report. The theme of the report is that mobile platform operating system providers (Amazon, Apple, BlackBerry, Google, and Microsoft), app developers, ad networks, and analytics companies need to provide consumers with timely, easy-to-understand disclosures about the data that is collected about them and how the data is utilized.

It appears to build on the September 2012 report “Marketing Your Mobile App: Get it Right From the Start”. Some of the recommendations in the September 2012 report include: build privacy considerations in from the start, honor your privacy promises, collect sensitive information only with consent, and keep user data secure.

Some members of the app ecosystem appear to have taken the FTC’s September 2012 report very seriously and anticipated that the FTC would soon crack down on companies that may not be following the FTC’s prior digital privacy recommendations. Before the FTC’s new Mobile Privacy Disclosure staff report was released, Apple, Facebook, and Microsoft teamed up to create a new initiative to educate app developers about digital privacy. The program is called ACT 4 Apps and it plans to create an environment where app developers may interact with privacy experts to learn how to abide by state and federal privacy laws.

The announcement that the FTC has fined social networking app Path $800,000 for alleged privacy violations, along with this new staff report, continues to demonstrate that the FTC is spending considerable resources on digital privacy issues. When the FTC announced last August that Google agreed to pay a $22.5 million fine for misrepresenting to users of Apple’s Safari Internet browser that it would not place tracking “cookies” or serve targeted ads to those users, that should have been a wake-up call to the digital industry that its business practices may be more heavily scrutinized. December’s announcement that the FTC adopted final amendments to the Children’s Online Privacy Protection Rule (COPPA) to strengthen kids’ privacy protections should have been recognized as a signal by the digital industry that it must become more proactive in protecting the personal data of its users.

This newly released staff report recommends that mobile platforms should: provide just-in-time disclosures to consumers and obtain their affirmative express consent before allowing apps to access sensitive content like geolocation; consider providing just-in-time disclosures and obtain affirmative express consent for other content that consumers would find sensitive in many contexts; consider developing a one-stop “dashboard” approach to allow consumers to review the types of content accessed by the apps they have downloaded; consider developing icons to depict the transmission of user data; promote app developer best practices; consider providing consumers with clear disclosures about the extent to which platforms review apps prior to making them available for download in the app stores, and conduct compliance checks after the apps have been placed in the app stores; and consider offering a Do Not Track (DNT) mechanism for mobile phone users.

App developers should: have a privacy policy and make sure it is easily accessible; provide just-in-time disclosures and obtain affirmative express consent before collecting and sharing sensitive information; improve coordination and communication with ad networks and other third parties that provide services for apps so the app developers can better understand the software they are using and, in turn, provide accurate disclosures to consumers; and consider participating in self-regulatory programs, trade associations, and industry organizations.

This staff report states that advertising networks and other third parties should: communicate with app developers so that the developers can provide truthful disclosures to consumers; and work with platforms to ensure effective implementation of DNT for mobile platforms.

The overall theme of this staff report is that the mobile apps industry must do a better job of communicating to its users what data is being collected and how it is being utilized. If mobile app stakeholders do not move in a timely manner to implement the recommendations in this report, more regulation may be required to protect the personal privacy of consumers. The bottom line is that the FTC may closely monitor how stakeholders react to its recommendations to determine if more regulation may be required to protect the digital privacy of users.

While mobile apps offer some great benefits and exciting new ways to interact with others, there are tremendous privacy issues that need to be addressed. Mobile ecosystem gatekeepers and app developers need to work with regulators and lawmakers to protect the personal privacy of mobile app users and to ensure that the industry does not become over-regulated.